Loading ...
Sorry, an error occurred while loading the content.

Limit an account to 1 email address

Expand Messages
  • Grant
    Each of my systems sends alerts to my mail server for delivery to my email address through a special user account on my mail server with no shell account which
    Message 1 of 5 , Dec 8, 2012
    • 0 Attachment
      Each of my systems sends alerts to my mail server for delivery to my email address through a special user account on my mail server with no shell account which is only used for this purpose.  Can I limit all mail sent by authenticating through this user account so that it can only be delivered to my email address?  The user's password is stored in plain text in ssmtp.conf on each of my systems but I figure that doesn't matter if it can only be used to send mail to my address.

      - Grant
    • Reindl Harald
      ... do you mean a catch-all address? sorry but the decription of your goal is weird
      Message 2 of 5 , Dec 9, 2012
      • 0 Attachment
        Am 09.12.2012 03:16, schrieb Grant:
        > Each of my systems sends alerts to my mail server for delivery to my email address through a special user account
        > on my mail server with no shell account which is only used for this purpose. Can I limit all mail sent by
        > authenticating through this user account so that it can only be delivered to my email address? The user's password
        > is stored in plain text in ssmtp.conf on each of my systems but I figure that doesn't matter if it can only be used
        > to send mail to my address.

        do you mean a catch-all address?
        sorry but the decription of your goal is weird
      • mouss
        ... maybe OP is trying to say: this sender can only send to a specifc email address. if so, restriction classes can help:
        Message 3 of 5 , Dec 9, 2012
        • 0 Attachment
          Le 09/12/2012 11:28, Reindl Harald a écrit :
          >
          > Am 09.12.2012 03:16, schrieb Grant:
          >> Each of my systems sends alerts to my mail server for delivery to my email address through a special user account
          >> on my mail server with no shell account which is only used for this purpose. Can I limit all mail sent by
          >> authenticating through this user account so that it can only be delivered to my email address? The user's password
          >> is stored in plain text in ssmtp.conf on each of my systems but I figure that doesn't matter if it can only be used
          >> to send mail to my address.
          > do you mean a catch-all address?
          > sorry but the decription of your goal is weird
          >

          maybe OP is trying to say: this sender can only send to a specifc email
          address. if so, restriction classes can help:
          http://www.postfix.org/RESTRICTION_CLASS_README.html

          if not, OP is invited to state his goal with an example.
        • Grant
          ... email address through a special user account ... purpose. Can I limit all mail sent by ... delivered to my email address? The user s password ... figure
          Message 4 of 5 , Dec 9, 2012
          • 0 Attachment
            > >> Each of my systems sends alerts to my mail server for delivery to my email address through a special user account
            > >> on my mail server with no shell account which is only used for this purpose.  Can I limit all mail sent by
            > >> authenticating through this user account so that it can only be delivered to my email address?  The user's password
            > >> is stored in plain text in ssmtp.conf on each of my systems but I figure that doesn't matter if it can only be used
            > >> to send mail to my address.
            > > do you mean a catch-all address?
            > > sorry but the decription of your goal is weird
            > >
            >
            > maybe OP is trying to say: this sender can only send to a specifc email
            > address. if so, restriction classes can help:
            >     http://www.postfix.org/RESTRICTION_CLASS_README.html
            >
            > if not, OP is invited to state his goal with an example.

            I'm sorry for the weird description.  I want to send email alerts from each of my systems to my own email address.  To do this, I've created a special user on my mail server and put that user's password in ssmtp.conf on each of my systems.  Since this is not a secure way to store a password, I'd like to lock down the special user on my mail server so that any mail client authenticating as that user can only send email to my email address.  That way the password doesn't need to be secure.

            - Grant
          • Noel Jones
            ... To really lock this down requires two steps: 1 - limit the credentials to a specific sender address. 2 - limit the sender address to a specific recipient.
            Message 5 of 5 , Dec 9, 2012
            • 0 Attachment
              On 12/9/2012 2:35 PM, Grant wrote:
              > I'm sorry for the weird description. I want to send email alerts
              > from each of my systems to my own email address. To do this, I've
              > created a special user on my mail server and put that user's
              > password in ssmtp.conf on each of my systems. Since this is not a
              > secure way to store a password, I'd like to lock down the special
              > user on my mail server so that any mail client authenticating as
              > that user can only send email to my email address. That way the
              > password doesn't need to be secure.
              >
              > - Grant


              To really lock this down requires two steps:
              1 - limit the credentials to a specific sender address.
              2 - limit the sender address to a specific recipient.

              something like:
              # main.cf
              smtpd_sender_login_maps = hash:/etc/postfix/sender_login
              smtpd_sender_restrictions =
              reject_sender_login_mismatch
              check_sender_access hash:/etc/postfix/limited_sender

              # sender_login
              user@... user_login_name

              #limited_sender
              user@... REDIRECT target@...

              http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps
              http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
              http://www.postfix.org/postconf.5.html#check_sender_access
              http://www.postfix.org/access.5.html

              The reject_sender_login_mismatch will limit which MAIL FROM can be
              used with the credentials.
              The REDIRECT will capture all mail from that sender and direct it to
              the specified user, regardless of where it was originally addressed.

              Rather than the REDIRECT, some folks might prefer to use a
              restriction class to reject mail addressed to the wrong recipient.
              http://www.postfix.org/RESTRICTION_CLASS_README.html

              And as a final option, you can do all this and more in an external
              policy service. (eg. postfwd)
              http://www.postfix.org/SMTPD_POLICY_README.html




              -- Noel Jones
            Your message has been successfully submitted and would be delivered to recipients shortly.